adam's notes

Replay Attack

A replay attack is an attack where the attacker intercepts some authentication data and reuses it to try to reestablish a session.

  • aka repeat attack or playback attack
  • in context of web applications
    • may capture/guess the session token
  • is a type of man-in-the-middle attack
  • mitigated by:
    • including a timestamp or sequence number in each message
    • discard any message with a repeated timestamp or sequence number

Session Replay Attack

session replay attack is a replay attack in which a user’s session ID is used to impersonate the user and perform a fraudulent transaction or activity.

session ID is a unique number assigned to an authenticated user by a web application.

  • valid for the duration of the user’s session
  • used by a web application to identify an authenticated user

A replay attack most often means exploiting cookie-based sessions.

  • A cookie is created when the server sends an HTTP response header with the cookie data
  • cookie has
    • a name and value
    • optional security and expiry attributes
  • 2 types of cookies
    • nonpersistent cookies
      • are stored in memory and deleted when the browser instance is closed
    • persistent cookies
      • in which case they are stored in the browser cache until deleted by the user or pass a defined expiration date
  • used for session management
    • since HTTP is a stateless protocol
    • enables a web application to uniquely identify a user across a number of different actions and requests
  • session token identifies the user and may be used to prove that the user has been authenticated
  • can capture cookies by:
    • sniffing unencrypted network traffic
    • using malware
    • via cross-site scripting (XSS)

Session prediction attack focuses on identifying possible weaknesses in the generation of tokens that will enable an attacker to anticipate values that will establish sessions in the future.

  • session token:
    • must be generated using a non-predictable algorithm
    • must not reveal any information about the session client
  • proper session management:
    • limit the life span of a session
    • require reauthentication after a certain period

Graph View

Backlinks